From ce58be29befe0697cbae824c12f09064670c4560 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hugo=20H=C3=B6rnquist?=
Date: Sun, 6 Nov 2022 16:28:05 +0100
Subject: Move more wireguard config to hiera.
---
 manifests/wireguard_peer.pp | 14 +-------------
 manifests/wireguard_server.pp | 15 +++++++++------
 2 files changed, 10 insertions(+), 19 deletions(-)
diff --git a/manifests/wireguard_peer.pp b/manifests/wireguard_peer.pp
index 0f02e39..6eaeef1 100644
--- a/manifests/wireguard_peer.pp
+++ b/manifests/wireguard_peer.pp
@@ -32,19 +32,7 @@ class profiles::wireguard_peer (
 'ListenPort' => $profiles::wireguard::port,
 'PrivateKey' => $private_key,
 },
- 'WireGuardPeer' => {
- 'PublicKey' => $peer_key,
- # IP addresses which the kernel will accept sending over this
- # interface. Set it to 0.0.0.0/0 to allow anything to traverse
- # the tunnel
- 'AllowedIPs' => [
- '10.0.0.0/23', # adrift.space localnet
- '10.0.10.2/32', # Wireguard return
- ],
- # TODO is IP addresses allowed here?
- # Where the peer we want to connect to resides
- 'Endpoint' => "gandalf.adrift.space:${profiles::wireguard::port}",
- }
+ 'WireGuardPeer' => $peers,
 }
 }
 
diff --git a/manifests/wireguard_server.pp b/manifests/wireguard_server.pp
index 03c4cda..9eee2d2 100644
--- a/manifests/wireguard_server.pp
+++ b/manifests/wireguard_server.pp
@@ -1,6 +1,13 @@
+# TODO
+# - Allow access over IPv4
+# - Allow forwarding IPv6 addresses
+#
+# - Possibly merge this and wireguard_peer
+# - manage keys
+# - allow accesss for phones
 class profiles::wireguard_server (
 Sensitive[String] $private_key,
- String $peer_key,
+ Array[Hash] $peers,
 ) {
 include ::profiles::wireguard
 
@@ -30,11 +37,7 @@ class profiles::wireguard_server (
 'ListenPort' => $profiles::wireguard::port,
 'PrivateKey' => $private_key,
 },
- # TODO multiple public peers
- 'WireGuardPeer' => {
- 'PublicKey' => $peer_key,
- 'AllowedIPs' => '10.0.10.2/32',
- }
+ 'WireGuardPeer' => $peers,
 }
 }
 
-- 
cgit v1.2.3
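Review bot: The removed inline block carried the only explanation of what `AllowedIPs` means (the addresses the kernel will accept over the tunnel for that peer, with `0.0.0.0/0` letting anything through), and now that the peer list comes from hiera nothing in the manifest says which keys a `$peers` entry must carry; the `$peers` parameter of profiles::wireguard_peer is declared above line 32, outside this hunk, so its type cannot be checked here. I would document the parameter where it is declared with a comment along the lines of `# $peers: one hash per [WireGuardPeer] section; PublicKey and AllowedIPs are mandatory, AllowedIPs is the per-peer list of addresses the kernel accepts over the tunnel, and Endpoint is only needed for peers this host initiates to.` The same replacement is made in manifests/wireguard_server.pp at @@ -30,11 +37,7 @@ and the comment applies there as well. Whether an array value here is expanded into repeated [WireGuardPeer] sections depends on the netdev serializer, which is outside the hunk.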
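Review bot: `Array[Hash] $peers` accepts any hash, so a hiera entry that omits `PublicKey` or misspells `AllowedIPs` compiles cleanly and only fails later when networkd parses the generated netdev on the host; a Struct type rejects it at catalog compile instead, e.g. `Array[Struct[{ PublicKey => String, AllowedIPs => Variant[String, Array[String]], Optional[Endpoint] => String }]] $peers,` (the Variant covers the string form used in the old server block and the array form used in the old peer block). The old `String $peer_key` at least pinned the key to a string, so this is a step down in validation. The new TODO comment also has a typo, `accesss` → `access`. The class body continues past the hunk.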